Commit 0c44e31f authored by nimrod's avatar nimrod

Tagging and Terraform updates.

- Update the AWS provider.
- Use the common tags option in the provider and improve tagging usage.
- Address a few warnings from the updated provider.
parent 94337107
Pipeline #2785 failed
...@@ -11,7 +11,6 @@ resource "aws_cloudwatch_metric_alarm" "invocations" { ...@@ -11,7 +11,6 @@ resource "aws_cloudwatch_metric_alarm" "invocations" {
ok_actions = [local.topic_arn] ok_actions = [local.topic_arn]
period = (var.rate + 1) * 60 period = (var.rate + 1) * 60
statistic = "Sum" statistic = "Sum"
tags = local.common_tags
threshold = 1 threshold = 1
dimensions = { dimensions = {
...@@ -36,7 +35,6 @@ resource "aws_cloudwatch_metric_alarm" "errors" { ...@@ -36,7 +35,6 @@ resource "aws_cloudwatch_metric_alarm" "errors" {
ok_actions = [local.topic_arn] ok_actions = [local.topic_arn]
period = (var.rate + 1) * 60 period = (var.rate + 1) * 60
statistic = "Sum" statistic = "Sum"
tags = local.common_tags
threshold = 0 threshold = 0
dimensions = { dimensions = {
......
locals { locals {
function_name_prefix = local.Name function_name_prefix = local.name
functions = [ functions = [
"_dns", "_dns",
"gitlab", "gitlab",
...@@ -40,9 +40,8 @@ locals { ...@@ -40,9 +40,8 @@ locals {
} }
resource "aws_iam_role" "lambda" { resource "aws_iam_role" "lambda" {
name = local.Name name = local.name
assume_role_policy = local.lambda_assume_policy_doc assume_role_policy = local.lambda_assume_policy_doc
tags = local.common_tags
} }
locals { locals {
...@@ -125,7 +124,6 @@ resource "aws_lambda_function" "function" { ...@@ -125,7 +124,6 @@ resource "aws_lambda_function" "function" {
description = "${local.module} ${local.functions[count.index]} check in ${local.env}." description = "${local.module} ${local.functions[count.index]} check in ${local.env}."
memory_size = var.memory_size memory_size = var.memory_size
reserved_concurrent_executions = -1 reserved_concurrent_executions = -1
tags = local.common_tags
timeout = var.timeout timeout = var.timeout
environment { environment {
......
...@@ -3,7 +3,6 @@ resource "aws_cloudwatch_log_group" "lambda" { ...@@ -3,7 +3,6 @@ resource "aws_cloudwatch_log_group" "lambda" {
count = length(local.function_names) count = length(local.function_names)
name = "/aws/lambda/${local.function_names[count.index]}" name = "/aws/lambda/${local.function_names[count.index]}"
retention_in_days = var.log_retention retention_in_days = var.log_retention
tags = local.common_tags
} }
locals { locals {
...@@ -39,9 +38,8 @@ locals { ...@@ -39,9 +38,8 @@ locals {
} }
resource "aws_iam_policy" "log" { resource "aws_iam_policy" "log" {
name = "${local.module}-${local.env}-log" name = "${local.name}-log"
policy = local.log_policy_doc policy = local.log_policy_doc
tags = local.common_tags
} }
locals { locals {
......
terraform { terraform {
backend "http" {} backend "http" {}
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
}
}
} }
locals { locals {
...@@ -8,8 +14,9 @@ locals { ...@@ -8,8 +14,9 @@ locals {
common_tags = { common_tags = {
Environment = local.env Environment = local.env
Module = local.module Module = local.module
Name = local.name
} }
Name = "${local.module}-${local.env}" name = "${local.module}-${local.env}"
} }
output "env" { output "env" {
...@@ -35,11 +42,13 @@ output "region" { ...@@ -35,11 +42,13 @@ output "region" {
provider "aws" { provider "aws" {
region = var.region region = var.region
default_tags {
tags = local.common_tags
}
} }
resource "aws_resourcegroups_group" "group" { resource "aws_resourcegroups_group" "group" {
name = local.Name name = local.name
tags = local.common_tags
resource_query { resource_query {
query = <<EOF query = <<EOF
{ {
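Review bot: The new `required_providers` entry uses `version = "~> 4.0"`, which accepts any 4.x release of `hashicorp/aws`, so two pipeline runs can resolve different provider builds. If `.terraform.lock.hcl` is not already committed (it is not visible on this page), committing it would pin the selected version and its checksums. A `required_version` for Terraform itself in the same `terraform` block would also record which CLI versions the configuration supports.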
......
resource "aws_s3_bucket" "payloads" { resource "aws_s3_bucket" "payloads" {
# checkov:skip=CKV_AWS_18 # checkov:skip=CKV_AWS_18
# checkov:skip=CKV_AWS_19 # checkov:skip=CKV_AWS_19
# checkov:skip=CKV_AWS_21
# checkov:skip=CKV_AWS_144 # checkov:skip=CKV_AWS_144
# checkov:skip=CKV_AWS_145 # checkov:skip=CKV_AWS_145
bucket = local.Name bucket = local.name
tags = local.common_tags
acl = "private"
force_destroy = true force_destroy = true
versioning {
enabled = true
}
} }
...@@ -19,6 +14,18 @@ locals { ...@@ -19,6 +14,18 @@ locals {
payloads_bucket_name = aws_s3_bucket.payloads.bucket payloads_bucket_name = aws_s3_bucket.payloads.bucket
} }
resource "aws_s3_bucket_versioning" "payloads" {
bucket = local.payloads_bucket_name
versioning_configuration {
status = "Enabled"
}
}
resource "aws_s3_bucket_acl" "payloads" {
acl = "private"
bucket = local.payloads_bucket_name
}
resource "aws_s3_bucket_public_access_block" "payloads" { resource "aws_s3_bucket_public_access_block" "payloads" {
bucket = aws_s3_bucket.payloads.bucket bucket = aws_s3_bucket.payloads.bucket
...@@ -38,19 +45,18 @@ output "payloads_bucket_name" { ...@@ -38,19 +45,18 @@ output "payloads_bucket_name" {
value = local.payloads_bucket_name value = local.payloads_bucket_name
} }
resource "aws_s3_bucket_object" "payload" { resource "aws_s3_object" "payload" {
# checkov:skip=CKV_AWS_186 # checkov:skip=CKV_AWS_186
bucket = local.payloads_bucket_name bucket = local.payloads_bucket_name
key = "payload.zip" key = "payload.zip"
source = "payload.zip" source = "payload.zip"
etag = filemd5("payload.zip") etag = filemd5("payload.zip")
tags = local.common_tags
} }
locals { locals {
payload_object_etag = aws_s3_bucket_object.payload.etag payload_object_etag = aws_s3_object.payload.etag
payload_object_name = aws_s3_bucket_object.payload.key payload_object_name = aws_s3_object.payload.key
payload_object_version = aws_s3_bucket_object.payload.version_id payload_object_version = aws_s3_object.payload.version_id
} }
output "payload_object_etag" { output "payload_object_etag" {
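Review bot: `aws_s3_object.payload` has no dependency on the new `aws_s3_bucket_versioning.payloads` resource, because its `bucket` argument resolves through `local.payloads_bucket_name` to `aws_s3_bucket.payloads.bucket` only. On a fresh apply Terraform may therefore upload `payload.zip` before versioning is enabled, and `version_id` (hence `local.payload_object_version`) would likely be empty for that first object. Adding `depends_on = [aws_s3_bucket_versioning.payloads]` to the object resource makes the ordering explicit. Separately, the `# checkov:skip=CKV_AWS_21` line appears to be new in this section; checkov accepts a reason after the check id, for example `# checkov:skip=CKV_AWS_21:versioning is set in aws_s3_bucket_versioning.payloads`, which keeps the suppression auditable.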
......
...@@ -28,7 +28,6 @@ resource "aws_lambda_function" "sms_notify" { ...@@ -28,7 +28,6 @@ resource "aws_lambda_function" "sms_notify" {
description = "Send SMS message notification using Twilio." description = "Send SMS message notification using Twilio."
memory_size = var.memory_size memory_size = var.memory_size
reserved_concurrent_executions = -1 reserved_concurrent_executions = -1
tags = local.common_tags
timeout = var.timeout timeout = var.timeout
environment { environment {
...@@ -111,7 +110,6 @@ resource "aws_cloudwatch_log_group" "sms_notify" { ...@@ -111,7 +110,6 @@ resource "aws_cloudwatch_log_group" "sms_notify" {
# checkov:skip=CKV_AWS_158 # checkov:skip=CKV_AWS_158
name = "/aws/lambda/${local.function_name_prefix}-sms-notify" name = "/aws/lambda/${local.function_name_prefix}-sms-notify"
retention_in_days = var.log_retention retention_in_days = var.log_retention
tags = local.common_tags
} }
locals { locals {
...@@ -149,7 +147,6 @@ locals { ...@@ -149,7 +147,6 @@ locals {
resource "aws_iam_policy" "sms_notify_log" { resource "aws_iam_policy" "sms_notify_log" {
name = "${local.module}-${local.env}-sms-notify-log" name = "${local.module}-${local.env}-sms-notify-log"
policy = local.sms_notify_log_policy_doc policy = local.sms_notify_log_policy_doc
tags = local.common_tags
} }
locals { locals {
......
resource "aws_sns_topic" "topic" { resource "aws_sns_topic" "topic" {
# checkov:skip=CKV_AWS_26 # checkov:skip=CKV_AWS_26
name = local.Name name = local.name
tags = local.common_tags
} }
locals { locals {
...@@ -61,9 +60,8 @@ locals { ...@@ -61,9 +60,8 @@ locals {
} }
resource "aws_iam_policy" "publish" { resource "aws_iam_policy" "publish" {
name = "${local.module}-${local.env}-publish" name = "${local.name}-publish"
policy = local.sns_publish_policy_doc policy = local.sns_publish_policy_doc
tags = local.common_tags
} }
locals { locals {
......
...@@ -14,7 +14,6 @@ resource "aws_cloudwatch_event_rule" "schedule" { ...@@ -14,7 +14,6 @@ resource "aws_cloudwatch_event_rule" "schedule" {
name = local.function_names[count.index] name = local.function_names[count.index]
description = "Schedule to trigger ${local.function_names[count.index]} functions in ${local.env}." description = "Schedule to trigger ${local.function_names[count.index]} functions in ${local.env}."
schedule_expression = "rate(${var.rate} minutes)" schedule_expression = "rate(${var.rate} minutes)"
tags = local.common_tags
} }
locals { locals {
......